PT-2020-4243 · Gnu+6 · Glibc+6

Guido Vranken

·

Published

2020-02-12

·

Updated

2024-06-15

·

CVE-2020-10029

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: glibc versions prior to 2.32
Description: The issue is related to the functions cosl, sinl, sincosl, and tanl in the GNU C Library (glibc), which can cause a buffer overflow. This can lead to a denial of service by damaging the stack when calling trigonometric functions with a pseudo-zero argument. Specifically, the problem occurs when an input to an 80-bit long double function contains a non-canonical bit pattern, such as passing a 0x5d414141414141410000 value to sinl on x86 targets.
Recommendations: For glibc versions prior to 2.32, update to version 2.32 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable functions cosl, sinl, sincosl, and tanl until a patch is available. Avoid using non-canonical bit patterns as input to these functions to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

ALT-PU-2020-2070
ALT-PU-2021-2862
ALT-PU-2021-2880
ALT-PU-2021-3034
BDU:2020-04684
CESA-2020_4444
CESA-2021_0348
CVE-2020-10029
DLA-3152-1
MGASA-2020-0135
OPENSUSE-SU-2020:0381-1
OPENSUSE-SU-2020_0381-1
OPENSUSE-SU-2024:10792-1
RHSA-2020:4444
RHSA-2020_4444
RHSA-2021:0348
RHSA-2021:2998
RHSA-2021:3315
RHSA-2021_0348
SUSE-SU-2020:0668-1
SUSE-SU-2020:0832-1
SUSE-SU-2020:3024-1
SUSE-SU-2020_0668-1
SUSE-SU-2020_0832-1
SUSE-SU-2020_3024-1
USN-4416-1

Affected Products

Alt Linux
Astra Linux
Centos
Red Hat
Suse
Ubuntu
Glibc